CVE-2022-26105
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de ejecución de scripts por parte de un atacante no autenticado debido a la incorrecta sanitización de las entradas del usuario mientras interactúa en la Red. Si es explotado con éxito, un atacante puede visualizar o modificar la información causando un impacto limitado en la confidencialidad e integridad de la aplicación
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-25 CVE Reserved
- 2022-04-12 CVE Published
- 2023-11-03 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2022-04-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.10 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.10" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.11 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.20 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.20" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.30 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.31 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.40 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.40" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Enterprise Portal Search vendor "Sap" for product "Netweaver Enterprise Portal" | 7.50 Search vendor "Sap" for product "Netweaver Enterprise Portal" and version "7.50" | - |
Affected
| ||||||